CVE-2024-43660

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Jan 9, 2025
CWE ID 552

Summary

CVE-2024-43660 is a high-severity vulnerability in the Iocharger firmware for AC model chargers before version 24120701. The CGI script <redacted>.sh lets an attacker who holds the required credentials download any file on the filesystem, including sensitive files. The impact is critical, as attackers can obtain files such as the CGI script source code, configuration files, or even the /etc/shadow file.

The CVSS score is 4.0, indicating a high level of vulnerability; no additional security measures need to be bypassed (AC:L). The attack can be executed over any network connection where the web interface is served (AV:N) and does not require user interaction (UI:N). The confidentiality of all files on the device can be compromised (VC:H), but there is no impact on subsequent systems (SC:N). Exploitation can be automated (AU:Y), making this a significant threat.
